Vulnerabilities > Testlink > Testlink > 1.9.20

DATE CVE VULNERABILITY TITLE RISK
2020-04-27 CVE-2020-12274 Improper Input Validation vulnerability in Testlink 1.9.20
In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session.
network
low complexity
testlink CWE-20
7.5
7.5
2020-04-27 CVE-2020-12273 Insufficiently Protected Credentials vulnerability in Testlink 1.9.20
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials.
network
low complexity
testlink CWE-522
5.0
5.0
2020-04-03 CVE-2020-8639 Unrestricted Upload of File with Dangerous Type vulnerability in Testlink 1.9.20
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
network
low complexity
testlink CWE-434
6.5
6.5
2020-04-03 CVE-2020-8638 SQL Injection vulnerability in Testlink 1.9.20
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter.
network
low complexity
testlink CWE-89
7.5
7.5
2020-04-03 CVE-2020-8637 SQL Injection vulnerability in Testlink 1.9.20
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter.
network
low complexity
testlink CWE-89
7.5
7.5